
How to add CA of internet web proxy

asked 2016-03-09 09:42:03 -0500

LinuxArchitect

I'm using a CentOS 7 system as my master behind a corporate web proxy. How do I add the self-signed CA certificate of the proxy such that puppet will use and trust it?

I can access the puppetlabs modules using wget but not with 'puppet module'. The web proxy has a self-signed CA certificate which I have installed in the Red Hat ca bundle and the puppet-cacerts keystore. Using strace, I don't see puppet opening the keystore file before it spits out:

Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date


1 Answer


answered 2016-03-09 11:05:30 -0500

LinuxArchitect

It works after I linked /opt/puppetlabs/puppet/ssl/cert.pem to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem, to match the Red Hat configuration which links /etc/pki/tls/cert.pem to that file. Is there a better solution?

So the /opt/puppetlabs/puppet/ssl/puppet-cacerts file is a red herring? What uses it?

Thanks.

George
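
An added example, not part of the original post or of Puppet's own tooling: POSIX shell functions for the workaround in the answer above, which confirm that the proxy CA is in the system bundle before pointing Puppet's `cert.pem` at it. The function names, the `.orig` backup suffix and `/path/to/proxy-ca.pem` are assumptions.

```shell
#!/bin/sh
# Added example. Usage, with the two paths from the post and a placeholder CA file:
#   link_puppet_bundle /opt/puppetlabs/puppet/ssl/cert.pem \
#       /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /path/to/proxy-ca.pem

# pem_body FILE: base64 body of the first certificate in FILE, joined on one line.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1"
}

# bundle_has_ca BUNDLE CA_PEM: succeed if the CA certificate appears in BUNDLE.
# Bodies are compared after removing line breaks, so wrapping width is ignored.
bundle_has_ca() {
    want=$(pem_body "$2")
    [ -n "$want" ] || return 2        # CA file missing or not PEM
    awk -v want="$want" '
        /-----BEGIN CERTIFICATE-----/ {on=1; body=""; next}
        /-----END CERTIFICATE-----/   {if (body == want) found=1; on=0; next}
        on {gsub(/[ \t\r]/, ""); body = body $0}
        END {exit found ? 0 : 1}' "$1"
}

# link_puppet_bundle LINK BUNDLE CA_PEM: point LINK (Puppet's OpenSSL cert.pem)
# at BUNDLE, but only when BUNDLE already contains the proxy CA.
link_puppet_bundle() {
    link=$1 bundle=$2 ca=$3
    bundle_has_ca "$bundle" "$ca" || { echo "CA not in $bundle" >&2; return 1; }
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$bundle" ]; then
        return 0                      # already linked, nothing to do
    fi
    # Keep whatever was there (a file or a different link) as a backup.
    if [ -e "$link" ] || [ -L "$link" ]; then mv "$link" "$link.orig"; fi
    ln -s "$bundle" "$link"
}
```

Refusing to link when the CA is absent from the bundle separates a trust-store problem (for example, `update-ca-trust` not yet run) from a path problem.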
